diff options
| author | Eric Paris <eparis@redhat.com> | 2011-06-29 00:11:17 -0400 |
|---|---|---|
| committer | Eric Paris <eparis@redhat.com> | 2011-08-11 23:35:48 -0400 |
| commit | 4ad18969546c16bd78206799de642af6eb2293ea (patch) | |
| tree | 56f67b320d65d9369bec51e07a3fcf44017bdaf4 /libselinux/src/setrans_client.c | |
| parent | 5619635063741e1c8c9cf53a8746dd29be0cda79 (diff) | |
| download | android_external_selinux-4ad18969546c16bd78206799de642af6eb2293ea.tar.gz android_external_selinux-4ad18969546c16bd78206799de642af6eb2293ea.tar.bz2 android_external_selinux-4ad18969546c16bd78206799de642af6eb2293ea.zip | |
libselinux: resolv symlinks and dot directories before matching paths
matchpathcon cannot handle ./ or ../ in pathnames and doesn't do well
with symlinks. This patch uses the glibc function realpath() to try to
determine a real path with resolved symlinks and dot directories. For
example before this pach we would see:
$ matchpathcon /tmp/../eric
/tmp/../eric <<none>>
$ matchpathcon /eric
/eric system_u:object_r:default_t:s0
Whereas after the path we get the same results. The one quirk with the
patch is that we need special code to make sure that realpath() does not
follow a symlink if it is the final component. aka if we have a symlink
from /eric to /tmp/eric we do not want to resolv to /tmp/eric. We want
to just resolv to the actual symlink /eric.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Diffstat (limited to 'libselinux/src/setrans_client.c')
0 files changed, 0 insertions, 0 deletions